[Bug 1797148] Re: vault: support operator configuration of kv mountpoint

[James Page]

FFe details
===========

1) builds:

See PPA - https://launchpad.net/~james-page/+archive/ubuntu/vault-
production

2) installs and upgrades:

Existing packages deployed and then upgraded to PPA built packages OK

3) does not break packages which depend on it, or that corresponding
updates have been prepared.

Barbican and castellan covered under same bug, changes implemented in a
backwards compatible way (they don't change the existing function).

4) Verification

Barbican configured with approle based authentication and a non-default
KV mountpoint using proposed packages, secrets correct stored and
retrieved using Vault via the Barbican API.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to barbican in Ubuntu.
https://bugs.launchpad.net/bugs/1797148

Title:
  vault: support operator configuration of kv mountpoint

Status in castellan:
  In Progress
Status in barbican package in Ubuntu:
  In Progress
Status in python-castellan package in Ubuntu:
  In Progress

Bug description:
  The vault integration currently hard-codes the KV mountpoint on
  'secrets' - this is the name of the enabled by default KV store in
  vault, but is probably not typical in a hardened deployment where
  multiple KV mountpoints may be used for different purposes.

  Defaulting to 'secrets' is fine, but having a config option to allow
  end user configuration would be beneficial.

To manage notifications about this bug go to:
https://bugs.launchpad.net/castellan/+bug/1797148/+subscriptions